Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 28 subscribers
  • Views 6936 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

can't delete certificate

YeniPramono

Hi All, our customer are experiencing their user can't access Internet properly, the screenshot said that the reason is XG can't scan the requested content

 

So I checked the certificate page and try to delete unused certificate that previously uploaded by our customer. But this certificate can't be deleted because still used by HTTP based policy;

I guess this certificate is the main cause.

Are there any ways to configure the basic HTTP based policy so i can just remove this certificate away?

 

Thanks and Regards,

Yeni 



This thread was automatically locked due to age.
Parents
  • 0

    The "cannot scan" in the first screenshot is from the AV scanning, nothing to do with SSL decryption or certificates.

     

    If this is a single file, then most likely the file is corrupted or encrypted and the "Action on malware scan failure" has been configured to block.  Either change the global setting or create an exception.

    If this is all over the place, you most likely have a problem downloading the virus definitions.  Look at Backups and Firmware \ Pattern Updates.

  • 0 in reply to Michael Dunn

    Hi Michael,

    This is happening all over the place and have checked the virus definitions and update it from console (failed maybe because region problem) but succeeded from GUI.

    for temporary i change the "action on malware scan failure" configuration to allow, so the users can access Internet.

    I suspect that this problem caused by HTTPS Scanning CA is set to SecurityAppliance_SSL_CA

    today i'm going to change this to default, i'll tell you if the problem is solved.

     

    Thanks and Regards,

    Yeni Pramono

  • 0 in reply to YeniPramono

    Hi,

    did you check the u2d log like mentioned by Michael earlier? 

  • 0 in reply to LuCar Toni

    Hi Toni,

    the update log seems good,

    Regards,

    Yeni Pramono

  • 0 in reply to YeniPramono

    This is happening all over the place and have checked the virus definitions and update it from console (failed maybe because region problem) but succeeded from GUI.

    for temporary i change the "action on malware scan failure" configuration to allow, so the users can access Internet.

    I suspect that this problem caused by HTTPS Scanning CA is set to SecurityAppliance_SSL_CA

    today i'm going to change this to default, i'll tell you if the problem is solved.

    Please trust me that if you are getting block pages that say "The requested content could not be scanned for malware.  In may be corrupted on encrypted." your problem is somewhere in virus scanner.  Not in the Scanning CA, which is set to the normal default.

     

    Can you screenshot the pattern update page and the "malware and content scanning" section of General Settings?  And... 

    I'm just randomly trying to guess... maybe the check Administration > Licensing as well.  And make sure you are not running out of disk space.

    Also, as much I hate this type of solution, have you rebooted?

Reply
  • 0 in reply to YeniPramono

    This is happening all over the place and have checked the virus definitions and update it from console (failed maybe because region problem) but succeeded from GUI.

    for temporary i change the "action on malware scan failure" configuration to allow, so the users can access Internet.

    I suspect that this problem caused by HTTPS Scanning CA is set to SecurityAppliance_SSL_CA

    today i'm going to change this to default, i'll tell you if the problem is solved.

    Please trust me that if you are getting block pages that say "The requested content could not be scanned for malware.  In may be corrupted on encrypted." your problem is somewhere in virus scanner.  Not in the Scanning CA, which is set to the normal default.

     

    Can you screenshot the pattern update page and the "malware and content scanning" section of General Settings?  And... 

    I'm just randomly trying to guess... maybe the check Administration > Licensing as well.  And make sure you are not running out of disk space.

    Also, as much I hate this type of solution, have you rebooted?

Children
No Data